Privacy Policy

1. Who operates SveLingo

SveLingo is operated by Wenlin Fan, an independent developer based in Linköping, Sweden. For privacy requests, contact privacy@svelingo.com.

2. Data we collect

We collect the minimum data needed to provide Swedish learning features and keep the service reliable.

• Account data: email address, authentication provider details, password hash when password sign-in is used, refresh tokens, and login timestamps.
• Learning data: word progress, session history, review state, streaks, saved words, wordbooks, grammar practice state, and placement or CAT results.
• Search and dictionary activity: search queries, whether a query had results, response timing, and related technical metadata used to improve dictionary coverage.
• Diagnostics: route or page events, request status, app version, deployment environment, pseudonymised identifiers, and error details needed for troubleshooting.
• Support messages: information you choose to send when contacting support, privacy, or security channels.

3. How we use data

• Provide account access, learning sessions, review scheduling, saved words, wordbooks, and search.
• Maintain service security, detect abuse, debug errors, and measure reliability.
• Improve dictionary coverage, learning flow quality, and product usability.
• Respond to support, privacy, data export, deletion, or security requests.

4. Storage on your device

SveLingo uses browser storage for essential product behavior and preferences.

• Authentication tokens or secure cookies keep you signed in.
• Locale preferences remember your language setting.
• Recent searches, tutorial state, and in-progress practice state improve the local experience.
• A device identifier may be used for authentication, diagnostics, rate limiting, or abuse prevention.

We do not use advertising cookies. Cloudflare may use security-related cookies or similar technologies when protecting the service.

5. Diagnostics and analytics

Current diagnostics are pseudonymised, not fully anonymous. Identifiers are transformed before they are written to diagnostic logs, but they may still be linkable within operational systems.

We do not sell analytics data or use it for advertising. Before describing diagnostics as anonymous analytics, the implementation must remove or rotate persistent identifiers and keep analytics separate from operational error diagnostics.

6. Service providers

We use service providers only to operate, secure, and observe the product.

• Cloudflare: DNS, routing, security, and performance protection.
• Datadog: observability, logs, metrics, and reliability diagnostics.
• Infrastructure providers: hosting, database, storage, and deployment services needed to run SveLingo.

7. Retention

Account and learning data are kept while your account is active so the product can preserve progress. Authentication tokens expire or are revoked according to security settings.

Raw search and diagnostic logs should be retained only as long as needed for troubleshooting and product quality, then deleted or converted into aggregate metrics. During beta, retention windows may be adjusted as the operational setup matures.

8. Your choices and rights

You can request access, correction, export, or deletion of your account data by emailing privacy@svelingo.com. A self-service export and deletion flow is planned for Settings.

9. Children

SveLingo is not directed to children under 13. Minors should use the service only with consent from a parent or guardian.

10. Security

We use technical and organizational safeguards appropriate for a free beta product, including HTTPS in production, access controls, token expiry, and diagnostic filtering for sensitive keys. No online service can be guaranteed completely secure.

11. Changes

This policy may change as SveLingo moves from beta to a broader launch. Material updates will be reflected on this page with a new last-updated date.